FastAPI framework, ~30 mins

OAuth2 password flow in FastAPI - Mini Project: Build & Apply

OAuth2 Password Flow with FastAPI
📖 Scenario: You are building a simple API that requires users to log in using their username and password. You want to secure your API endpoints using OAuth2 password flow, which is a common way to handle user authentication.
🎯 Goal: Create a FastAPI app that implements OAuth2 password flow. You will set up user data, configure OAuth2 password bearer, write the login logic to verify users, and protect an API route that only logged-in users can access.
📋 What You'll Learn
Create a dictionary called fake_users_db with one user entry: username alice and password secret123
Create an OAuth2PasswordBearer instance called oauth2_scheme with token URL /token
Write a function authenticate_user that takes username and password and returns True if they match the user in fake_users_db, else False
Create a /token POST route that accepts form data username and password, uses authenticate_user, and returns a JSON with access_token and token_type
Create a protected /users/me GET route that requires a valid token from oauth2_scheme and returns the current username
💡 Why This Matters
🌍 Real World
OAuth2 password flow is commonly used in APIs to securely authenticate users with username and password, issuing tokens for session management.
💼 Career
Understanding OAuth2 password flow is essential for backend developers building secure APIs and services that require user authentication.
1. Set up user data dictionary
Create a dictionary called fake_users_db with one user entry: key alice and value another dictionary with key password and value secret123.
Hint: Use a dictionary with username as key and a nested dictionary with password key.

2. Configure OAuth2PasswordBearer
Import OAuth2PasswordBearer from fastapi.security and create an instance called oauth2_scheme with tokenUrl="/token".
Hint: Use OAuth2PasswordBearer with the token URL where users will send their login data.

3. Write user authentication function
Define a function called authenticate_user that takes username and password. It returns True if username is in fake_users_db and the password matches, otherwise returns False.
Hint: Check if username exists and password matches, then return True, else False.

4. Create token and protected routes
Import FastAPI, Depends, and HTTPException from fastapi. Create a FastAPI app instance called app. Add a POST route /token that accepts form data username and password using OAuth2PasswordRequestForm. Use authenticate_user to verify credentials. If valid, return JSON with access_token set to username and token_type set to bearer. If invalid, raise HTTPException with status 401. Then add a GET route /users/me that depends on oauth2_scheme to get the token and returns JSON with username equal to the token.
Hint: Use OAuth2PasswordRequestForm to get form data, verify user, raise 401 if invalid, else return token. Protect /users/me with oauth2_scheme.